flathub-maintenance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly tells the agent to clone and inspect public GitHub repositories and Flathub PRs (e.g., "git clone https://github.com/flathub/io.github.fjrevoredo.mini-diarium.git", "Check PR status" and "Find the vorarbeiter build for a PR" / "Read the error — expand the failing step logs"), which are untrusted, user-generated third‑party sources that the agent must read and use to decide fixes and follow-up actions.